Dr. Stephen Henson
73a9f60dd1
Print <ABSENT> if a STACK is NULL.
...
If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09
Add ASN1_ITEM lookup and enumerate functions.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:45 +01:00
Rich Salz
f3b3d7f003
Add -Wswitch-enum
...
Change code so when switching on an enumeration, have case's for all
enumeration values.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
FdaSilvaYY
0fe9123687
Constify a bit X509_NAME_get_entry
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8
Constify some X509_NAME, ASN1 printing code
...
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
a026fbf977
Constify some inputs buffers
...
remove useless cast to call ASN1_STRING_set
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
35da893f86
Constify ASN1_PCTX_*
...
... add a static keyword.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
Matt Caswell
030648cea9
Ensure the mime_hdr_free function can handle NULLs
...
Sometimes it is called with a NULL pointer
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Dr. Stephen Henson
0b7347effe
Add X509_getm_notBefore, X509_getm_notAfter
...
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
Rename X509_SIG_get0_mutable to X509_SIG_getm.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-21 18:25:23 +01:00
Kurt Roeckx
a73be798ce
Fix off by 1 in ASN1_STRING_set()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3176
2016-08-20 18:53:56 +02:00
Dr. Stephen Henson
095d2f0f8a
Constify i2a*
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 17:20:36 +01:00
Matt Caswell
604f6eff31
Convert X509_REVOKED* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-18 11:59:39 +01:00
Dr. Stephen Henson
59b4da05b4
Constify X509_SIG.
...
Constify X509_SIG_get0() and order arguments to mactch new standard.
Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:43 +01:00
Dr. Stephen Henson
8900f3e398
Convert X509* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Dr. Stephen Henson
245c6bc33b
Constify private key decode.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747
constify X509_ALGOR_get0()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f
Constify ASN1_item_unpack().
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Matt Caswell
b2e57e094d
Convert PKCS8* functions to use const getters
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Dr. Stephen Henson
17ebf85abd
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
...
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Dr. Stephen Henson
8b9afbc0fc
Check for errors in a2d_ASN1_OBJECT()
...
Check for error return in BN_div_word().
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Dr. Stephen Henson
262bd85fde
Add X25519 methods to internal tables
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
klemens
6025001707
spelling fixes, just comments and readme.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413 )
2016-08-05 19:07:30 -04:00
Dr. Stephen Henson
3dc87806ce
Free buffer in a2i_ASN1_INTEGER() on error path.
...
Thank to Shi Lei for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 16:36:17 +01:00
FdaSilvaYY
f48ebf9f4c
Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
Dr. Stephen Henson
56f9953c84
Check for overlows and error return from ASN1_object_size()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-02 13:40:32 +01:00
Dr. Stephen Henson
e9f17097e9
Check for overflows in ASN1_object_size().
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-02 13:40:32 +01:00
FdaSilvaYY
d3d5dc607a
Enforce and explicit some const casting
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
e83f154f6c
Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
dbf89a9b94
Constify ASN1_buf_print
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
08275a29c1
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
Kurt Roeckx
1618679ac4
Cast to an unsigned type before negating
...
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself
Found using afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
2016-07-20 19:25:16 +02:00
Kurt Roeckx
69588edbaa
Check for errors allocating the error strings.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
ad72d9fdf7
Check and print out boolean type properly.
...
If underlying type is boolean don't check field is NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 02:33:05 +01:00
Dr. Stephen Henson
3cea73a7fc
Fix print of ASN.1 BIGNUM type.
...
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 17:53:05 +01:00
Kurt Roeckx
5e3553c2de
Return error when trying to print invalid ASN1 integer
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1322
2016-07-16 21:51:49 +02:00
Dr. Stephen Henson
5bd5dcd496
Add nameConstraints commonName checking.
...
New hostname checking function asn1_valid_host()
Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.
Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-11 23:30:04 +01:00
Dr. Stephen Henson
b385889640
Don't indicate errors during initial adb decode.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-07-06 02:41:14 +01:00
FdaSilvaYY
68efafc513
Add checks on sk_TYPE_push() returned value
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:50 +01:00
FdaSilvaYY
02e112a885
Whitespace cleanup in crypto
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264 )
2016-06-29 09:56:39 -04:00
Kurt Roeckx
5bea15ebb3
Avoid signed overflow
...
Found by afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3013
2016-06-24 18:17:10 +02:00
Matt Caswell
d6079a87db
Fix ASN1_STRING_to_UTF8 could not convert NumericString
...
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-23 20:49:43 +01:00
FdaSilvaYY
687b486859
Rework error handling from asn1_do_lock method.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:00:47 +01:00
FdaSilvaYY
f430ba31ac
Spelling... and more spelling
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245 )
2016-06-22 00:26:10 +02:00
Kurt Roeckx
5388b8d4e8
Avoid creating an illegal pointer.
...
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1230
2016-06-21 20:55:54 +02:00
Rich Salz
7f96f15bcf
Fix build break.
...
Aggregate local initializers are rarely portable (:
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:22:58 -04:00
FdaSilvaYY
bd227450d4
Constify asn1/asn_mime.c
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
fa3a84422d
Constify some input buffers in asn1
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
Richard Levitte
fdcb499cc2
Change (!seqtt) to (seqtt == NULL)
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 01:36:11 +02:00
Richard Levitte
bace847eae
Always check that the value returned by asn1_do_adb() is non-NULL
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 01:36:11 +02:00
Dr. Stephen Henson
7c46746bf2
Fix omitted selector handling.
...
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 19:15:51 +01:00